fedora 24
crypto weakness #282

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

dx-4.4.4/src/exec/dpexec/license.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 crypto weakness.

 	/* wait for response from the child */
	i = read (out[0], auth_msg, AUTH_MSG_LEN);
	if (i != AUTH_MSG_LEN) {
	    perror ("License Error:Bad message read from dxshadow");
	    exit (-1);
	}
	
        if (ltype == MPLIC) 
            mplic.child = child;
        else
            dxlic.child = child;

	/* decipher license message here */
	
	child = (child < 4096) ? (child+4096)
	                       : (child);       /* forces to be 4 0x chars */
	
	strcpy(ckey, c_buf+4);
	sprintf(ckey+4, "%x", child);
	
	salt[0] = '7';
	salt[1] = 'q';
	salt[2] = '\0';
	
	strcpy(p_buf, crypt(ckey, salt));;
	
	for(i=0;i<13;i++)
	    c_buf[i] = auth_msg[(i*29)+5];
	c_buf[13] = '\0';
	
	if (strcmp(c_buf, p_buf)) {
	    /* Bad message from child */
	    perror("License Error: invalid message from license process.");
	    exit (-1);
	}

	/* valid message so we extract license type */
	for(i=0; i<8; i++)
	    c_buf[i] = auth_msg[(i*3)+37];
	
	c_buf[8] = '\0';
	sscanf(c_buf, "%x", &i);
	netls_type = 0xffff & (i^child);
	i = i >> 16;
	ltype = 0xffff & (i^child);
#if LIC_DEBUG 
	fprintf(stderr,"Received...\n"
		"c_buf = '%s', ltype = 0x%x, netls_type = 0x%x, mask = 0x%x\n",
				c_buf,ltype,netls_type,child);
#endif 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.